[Rocks-Discuss] mysql.user default table

8 views
Skip to first unread message

francois fauteux

unread,
Feb 24, 2009, 4:11:06 PM2/24/09
to npaci-rocks...@sdsc.edu
Hi,
What is the default mysql.user table in rocks.

I made a mistake by deleting users in this table and would like to restore
it to default.

Is apache the only user needed for the cluster to function properly, what
minimal privileges does it need ?

Would
GRANT SELECT, INSERT ON cluster TO 'apache'@'localhost';
do the job and restore default behaviour?

Thanks much.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20090224/4db00545/attachment.html

jean-francois prieur

unread,
Feb 24, 2009, 4:47:00 PM2/24/09
to Discussion of Rocks Clusters
I just had a look at my user table:

You need a root@localhost user entry with the same password as the root user
on the frontend
I see that the apache user has a password entry, have no idea what that
password should be. Don't see why it should have a password since the apache
user has no privileges it seems (not even SELECT)
There is also an entry for a wordpress user with no password (Ganglia?) and
no privileges.

I am VERY new at Rocks, just letting you know what is in my user table.
Don't know why you need the apache and wordpress users if they have no
privileges, unless my installation is borked as well! Seems to be running OK
though.

Jean-Francois Prieur,
Research Assistant for Dr. Guillame Lamoureux
Department of Chemistry and Biochemistry
Concordia University, Montreal, QC, Canada


2009/2/24 francois fauteux <ffau...@gmail.com>

URL: https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20090224/f8ad001f/attachment.html

jean-francois prieur

unread,
Feb 24, 2009, 4:53:14 PM2/24/09
to Discussion of Rocks Clusters
I answered to quickly, my apologies to the list (was too eager to help!),
the privileges for the apache and wordpress users are defined in the
mysql.db table so if you haven't touched that table you should be OK on the
privileges part. The tricky part may be the apache password which, as stated
below, I have no idea how it is generated. I would assume there are some
security/functional implications in leaving the apache user password blank.
Will let more knowledgeable people tell us if you could simply change the
Linux apache user password and use that new one in mysql.

JF

2009/2/24 jean-francois prieur <jfpr...@gmail.com>

URL: https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20090224/b4fc190b/attachment.html

Philip Papadopoulos

unread,
Feb 24, 2009, 5:07:25 PM2/24/09
to Discussion of Rocks Clusters
/export/rocks/install/rocks-dist/......./build/nodes/database-data.xml
contains the mechanism we use (applied before database has a password)

In that node --
<post>
<!-- Password Access for the apache and root user Create Password -->
export clupass=`/bin/date +%N`

<!-- now password protect the root user and apache user in database -->
<file name="/tmp/perms2.sql" perms="0400">
update mysql.user set \
password='*<var name="Kickstart_PrivateSHARootPassword"/>' \
where user='root';
</file>
echo "set password for apache@localhost=PASSWORD(\"$clupass\");" &gt;&gt;
/tmp/perms2.sql
echo "set password for apache@<var
name='Kickstart_PrivateHostname'/>=PASSWORD(\"$clupass\");" &gt;&gt;
/tmp/perms2.sql

/usr/bin/mysql &lt; /tmp/perms2.sql

<!-- create the /root/.my.cnf file so that when root does
"mysql -u apache cluster", everything works -->
<file name="/root/.my.cnf" perms="0440" owner="root.apache">
[client]
</file>
echo "password=$clupass" &gt;&gt; /root/.my.cnf
</post>


--
Philip Papadopoulos, PhD
University of California, San Diego
858-822-3628 (Ofc)
619-331-2990 (Fax)


-------------- next part --------------
An HTML attachment was scrubbed...

URL: https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20090224/1b373671/attachment.html

Tim Carlson

unread,
Feb 24, 2009, 5:10:31 PM2/24/09
to Discussion of Rocks Clusters
On Tue, 24 Feb 2009, jean-francois prieur wrote:

The password for the apache user is in /root/.my.cnf and you do need that
password to install nodes.

Tim

> URL:https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20090224/b4fc190b/attachment.h
> tml
>
>
>

francois fauteux

unread,
Feb 24, 2009, 5:12:53 PM2/24/09
to Discussion of Rocks Clusters
I found this at the bottom of the database.xml file:

1) grant select,update,insert,delete,lock tables on cluster.* to
apache@localhost;
2) grant select,update,insert,delete,lock tables on cluster.* to apache@"<var
name="Kickstart_PrivateHostname"/>";
3) grant select on cluster.* to ''@localhost;

I am not too sure about the var name="Kickstart_PrivateHostname".

I did the GRANT 1 and 3 and it restored some functionalities, but not all.

Does the root pwd needs to be the same as that used for install ?

Also wordpress does not function yet.

Thanks,


2009/2/24 jean-francois prieur <jfpr...@gmail.com>

URL: https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20090224/6b1b9199/attachment.html

francois fauteux

unread,
Feb 24, 2009, 6:11:25 PM2/24/09
to Discussion of Rocks Clusters
Fix:

mysql.user:
+-----------+------------+
| Host | User |
+-----------+------------+
| localhost | wordpress |
| localhost | |
| localhost | apache |
+-----------+------------+

apache pwd from /root/.my.cnf
wordpress without pwd

and everything runs fine.

Thanks all.

2009/2/24 Tim Carlson <tim.c...@pnl.gov>

URL: https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20090224/220fe720/attachment.html

Reply all
Reply to author
Forward
0 new messages